Pull Email logs and data using API
Email Security.cloud
The Data Feed API script can be used to pull the logs which saves them locally in Json format. The Data Feed API script will not automatically import the logs into a SIEM application. You can check if your local SIEM can import the logs in Json format. If it can, then you could schedule the API script locally to regularly pull the logs.
The Data Feed API guide and a sample Python script can be downloaded from the portal under :
Dashboard > Services > Email Threat Detection and Response > Email Data Feed Settings
The Data Feed API guide is also available here: